[lustre-devel] osp_md_index_it_next() may have a bug
Andreas Dilger
adilger at thelustrecollective.com
Wed Jan 7 10:22:54 PST 2026
Hi Caifeng,
Could you please file this issue in Jira (https://jira.whamcloud.com/ ) and potentially push the fix patch to Gerrit (https://wiki.lustre.org/Submitting_Changes )
Cheers, Andreas
On Dec 22, 2025, at 07:26, caifengzhu via lustre-devel <lustre-devel at lists.lustre.org> wrote:
Hi,
It seems osp_md_index_it_next() have a bug. Consider the case that 'ent' is non
null and points to the last entry in the current index page. In this case, a
new index page will be loaded with osp_it_next_page() and after the loading,
'ent' remains intact. The entry retrieving based on 'ent' is wrong. Even
worse, it may cause kernel crash by accessing an unmaped page.
A simple fix may be like below.
diff --git a/lustre/osp/osp_md_object.c b/lustre/osp/osp_md_object.c
index 975249d498..88f3cb0002 100644
--- a/lustre/osp/osp_md_object.c
+++ b/lustre/osp/osp_md_object.c
@@ -663,7 +663,7 @@ static int osp_md_index_it_next(const struct lu_env *env, struct dt_it *di)
{
struct osp_it *it = (struct osp_it *)di;
struct lu_idxpage *idxpage;
- struct lu_dirent *ent = (struct lu_dirent *)it->ooi_ent;
+ struct lu_dirent *ent;
int rc;
ENTRY;
@@ -674,7 +674,7 @@ again:
RETURN(1);
it->ooi_pos_ent++;
- if (ent == NULL) {
+ if ((ent = (struct lu_dirent *)it->ooi_ent) == NULL) {
it->ooi_ent =
(struct lu_dirent *)idxpage->lip_entries;
RETURN(0);
Best Regards!
_______________________________________________
lustre-devel mailing list
lustre-devel at lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20260107/fa03ac15/attachment.htm>
More information about the lustre-devel
mailing list